Composer how can I install another dependency without updating old ones

Question

I have a project with a few dependencies and I d like to install another one  but I d like to keep the others the way they are  So I ve edited the composer json  but if I run composer install  I get the following output   Installing dependencies from lock file Warning  The lock file is not up to date with the latest changes in composer json  You may be getting outdated dependencies  Run update to update them  Your requirements could not be resolved to an installable set of packages   Problem 1     - laravel framework dev-master requires ext-mcrypt   - gt  the requested PHP extension mcrypt is missing from your system      - laravel framework dev-master requires ext-mcrypt   - gt  the requested PHP extension mcrypt is missing from your system      - Installation request for laravel framework dev-master - gt  satisfiable by laravel framework dev-master    First of all  I do have mcrypt installed  so I don t know why it s complaining about that there   So  how can I install this new dependency   My composer json          require               opauth opauth                 opauth facebook                 opauth google                 opauth twitter                  imagine Imagine    dev-develop             laravel framework    4              loic-sharma profiler    dev-master              autoload              classmap                  app libraries                app commands                app controllers                app models                app database migrations                app tests TestCase php                        minimum-stability    dev

User · Answer

Actually  the correct solution is   composer require vendor package  Taken from the CLI documentation for Composer      The require command adds new packages to the composer json file from the current directory       php composer phar require      After adding changing the requirements  the modified requirements will be installed or updated       If you do not want to choose requirements interactively  you can just pass them to the command       php composer phar require vendor package 2   vendor package2 dev-master   While it is true that composer update installs new packages found in composer json  it will also update the composer lock file and any installed packages according to any fuzzy logic   gt  or   chars after the colons  found in composer json  This can be avoided by using composer update vendor package  but I wouldn t recommend making a habit of it  as you re one forgotten argument away from a potentially broken project     Keep things sane and stick with composer require vendor package for adding new dependencies

User · Answer

My use case is simpler  and fits simply your title but not your further detail   That is  I want to install a new package which is not yet in my composer json without updating all the other packages   The solution here is composer require x y

User · Answer

To install a new package and only that  you have two options    Using the require command  just run   composer require new package   Composer will guess the best version constraint to use  install the package  and add it to composer lock   You can also specify an explicit version constraint by running   composer require new package  2 5       OR      Using the update command  add the new package manually to composer json  then run   composer update new package    If Composer complains  stating  Your requirements could not be resolved to an installable set of packages    you can resolve this by passing the flag --with-dependencies  This will whitelist all dependencies of the package you are trying to install update  but none of your other dependencies    Regarding the question asker s issues with Laravel and mcrypt  check that it s properly enabled in your CLI php ini  If php -m doesn t list mcrypt then it s missing   Important  Don t forget to specify new package when using composer update  Omitting that argument will cause all dependencies  as well as composer lock  to be updated

User · Answer

In my case  I had a repo with    requirements A B C D in  json but only A B C in the  lock   In the meantime  A B C had newer versions with respect when the lock was generated   For some reason  I deleted the  vendors  and wanted to do a composer install and failed with the message   Warning  The lock file is not up to date with the latest changes in composer json  You may be getting outdated dependencies  Run update to update them  Your requirements could not be resolved to an installable set of packages    I tried to run the solution from Seldaek issuing a composer update vendorD libraryD but composer insisted to update more things  so  lock had too changes seen my my git tool   The solution I used was    Delete all the vendors dir  Temporarily remove the requirement VendorD LibraryD from the  json  run composer install  Then delete the file  json and checkout it again from the repo  equivalent to re-adding the file  but avoiding potential whitespace changes   Then run Seldaek s solution composer update vendorD libraryD   It did install the library  but in addition  git diff showed me that in the  lock only the new things were added without editing the other ones    Thnx Seldaek for the pointer

[composer-php] Composer: how can I install another dependency without updating old ones?

Examples related to composer-php